diff options
author | Alex Gaynor <alex.gaynor@gmail.com> | 2013-10-30 14:34:55 -0700 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2013-10-30 14:34:55 -0700 |
commit | f593848419b0d871509df388dadef8c1c98d9a99 (patch) | |
tree | c3a613498b8218877622bf4fb5d1c12384181219 | |
parent | bbeba7176d77df0ca47e2bad8a4f66915f07609d (diff) | |
download | cryptography-f593848419b0d871509df388dadef8c1c98d9a99.tar.gz cryptography-f593848419b0d871509df388dadef8c1c98d9a99.tar.bz2 cryptography-f593848419b0d871509df388dadef8c1c98d9a99.zip |
Slightly cleaner
-rw-r--r-- | cryptography/fernet.py | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/cryptography/fernet.py b/cryptography/fernet.py index 549abb36..59d8ad0c 100644 --- a/cryptography/fernet.py +++ b/cryptography/fernet.py @@ -41,16 +41,20 @@ class Fernet(object): # TODO: whole function is a giant hack job with no error checking data = base64.urlsafe_b64decode(data) assert data[0] == b"\x80" + timestamp = data[1:9] + iv = data[9:25] + ciphertext = data[25:-32] + hmac = data[-32:] if ttl is not None: - if struct.unpack(">Q", data[1:9])[0] + ttl > int(time.time()): + if struct.unpack(">Q", timestamp)[0] + ttl > int(time.time()): raise ValueError h = HMAC(self.signing_key, digestmod=hashes.SHA256) h.update(data[:-32]) hmac = h.digest() if not constant_time_compare(hmac, data[-32:]): raise ValueError - unencryptor = BlockCipher(ciphers.AES(self.encryption_key), modes.CBC(data[9:25])).unencryptor() - plaintext_padded = unencryptor.update(data[25:-32]) + unencryptor.finalize() + unencryptor = BlockCipher(ciphers.AES(self.encryption_key), modes.CBC(iv)).unencryptor() + plaintext_padded = unencryptor.update(ciphertext) + unencryptor.finalize() unpadder = padding.PKCS7(ciphers.AES.block_size).unpadder() return unpadder.update(plaintext_padded) + unpadder.finalize() |